FrSIRT rated the vulnerability as "critical," while Microsoft graded it as "important." A bug in the Windows Media Player plug-in could be used to execute arbitrary commands, FrSIRT said.

The flaw is caused by a buffer overflow error that could allow a machine to be taken over if a user was tricked into visiting a specially-crafted website using a non-Microsoft Internet browser such as Netscape or Firefox, FrSIRT wrote in its advisory.